Tuesday, February 24, 2009

Satori OS fingerprinting framework v0.62 released

Satori uses WinPCap. This program listens on the wire for all traffic and does OS Identification based on what it sees. Main things it works to identify are: Windows Machines, HP devices (that use HP Switch Protocol), Cisco devices (that do CDP packets), IP Phones (that send out Skinny packets), and a lot of DHCP related stuff recently, plus some other things

Here is a great software for fingerprinting i’ve just known about (thanks to Thierry Zoller) via "ToolSubmit Service". In fact, as Eric Kollman (the author) said that all known tools (Siphon, p0f (now p0f 2), Ettercap, and a few others) actually all using the same tired method of fingerprinting the TCP Syn and Syn/ACK packets.

He argues : "The problem is they missed the rest of the IP stack, they targeted one area and never moved on from there."

For the whole explaination, please read the documentation that comes with the software